Badlogic Pi-Mono SVG Artifact Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Badlogic Pi-Mono version 0.58.4. The issue lies in the SVG Artifact Handler component, specifically in the SvgArtifact.ts file. The vulnerability is remotely exploitable: an attacker who can influence the output of the language model (LLM) can cause it to produce a malicious SVG artifact. When a user views that artifact, the JavaScript embedded in it executes with access to the user's cookies, local storage, and IndexedDB. This is particularly concerning because it can lead to the theft of sensitive information, including LLM provider API keys and authentication tokens, which are stored in plaintext in the browser's IndexedDB and local storage, respectively.

Impact

Exploitation of this vulnerability results in stored cross-site scripting, allowing for the execution of JavaScript in the context of the user viewing the SVG artifact. This execution can access and exfiltrate all LLM provider API keys, authentication tokens, and chat session history from the user's browser.

Reproduction

To reproduce this vulnerability, first configure API keys for LLM providers in the Pi Web UI. Then supply a prompt that instructs the LLM to generate an SVG artifact containing a cross-site scripting payload, such as a script that reads API keys from IndexedDB and sends them to an external server. Once the SVG is rendered, the payload executes and steals the API keys and other credentials.

Remediation

To address this vulnerability, sanitize SVG content before it is rendered through the 'unsafeHTML' directive. This can be done with DOMPurify, a library that cleans HTML and SVG to prevent cross-site scripting. Additionally, encrypt stored API keys before saving them in IndexedDB, and consider using a more secure storage method for sensitive information.
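As an added defensive check (not code from Pi-Mono): a pre-render audit of a model-generated SVG artifact that refuses or logs obviously hostile artifacts before they reach the 'unsafeHTML' directive. It complements DOMPurify rather than replacing it, since pattern checks alone can be evaded; the function names and sample SVGs are constructed for this example.

```javascript
// Added example, not Pi-Mono code: audit a model-generated SVG artifact before
// it reaches Lit's unsafeHTML. Findings mean "refuse to render and log it";
// an empty result is NOT proof of safety, DOMPurify still does the sanitizing.

const CHECKS = [
  // Inline <script> runs as soon as the SVG is inserted into the document.
  { id: "script-element", re: /<script\b/i },
  // Event handler attributes (onload, onclick, onbegin, ...) run inline JS.
  { id: "event-handler-attr", re: /[\s"'\/]on[a-z]+\s*=/i },
  // javascript: URLs in href/xlink:href on <a>, <use>, <image>, <script>.
  { id: "javascript-url", re: /href\s*=\s*["']?\s*javascript:/i },
  // <foreignObject> embeds arbitrary HTML (iframes, forms) inside the SVG.
  { id: "foreign-object", re: /<foreignObject\b/i },
  // <set>/<animate> can write an event attribute onto an element at runtime.
  { id: "animated-event-attr", re: /<(set|animate)\b[^>]*attributeName\s*=\s*["']?\s*on/i },
];

// Undo cheap obfuscation (numeric entities, control characters) before matching.
function normalize(svg) {
  const fromCode = (n) => (n >= 0 && n <= 0x10ffff ? String.fromCodePoint(n) : "");
  return svg
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => fromCode(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => fromCode(Number(d)))
    .replace(/[\u0000-\u0008\u000b\u000c\u000e-\u001f]/g, "");
}

// Returns the ids of every check that fired, in CHECKS order; [] if none did.
function auditSvgArtifact(svg) {
  const text = normalize(svg);
  return CHECKS.filter((c) => c.re.test(text)).map((c) => c.id);
}

// Gate for the renderer: only artifacts with no findings go on to DOMPurify.
function isInertSvg(svg) {
  return auditSvgArtifact(svg).length === 0;
}

// Constructed sample artifacts (not taken from the advisory).
const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">' +
  '<circle cx="5" cy="5" r="4" fill="teal"/></svg>';
const HOSTILE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg">' +
  '<rect width="1" height="1" onload="alert(1)"/>' +
  '<a href="java&#115;cript:void(0)"><text>click</text></a></svg>';
```

The entity-encoded `java&#115;cript:` in the hostile sample is caught only because of the normalization step, which is the kind of case a test suite for the real sanitizer should also cover.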

Added: Apr 5, 2026, 2:18 AM
Updated: Apr 5, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 5.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.